ecs-instance-os-name-check

更新时间:
复制 MD 格式

If the name of the operating system for the Elastic Compute Service (ECS) instance is included in a specified whitelist or is not included in a specified blacklist, the evaluation result is Compliant.

Scenarios

We recommend that you create an ECS instance that is deployed in a virtual private cloud (VPC) to isolate the network and ensure network security in the cloud.

Risk level

Default risk level: low.

When you apply this rule, you can change the risk level based on your business requirements.

Compliance evaluation logic

  • If the name of the operating system for the ECS instance is included in a specified whitelist or is not included in a specified blacklist, the evaluation result is Compliant.
  • If the name of the operating system for the ECS instance is not included in a specified whitelist or is included in a specified blacklist, the evaluation result is Incompliant. For more information about how to remediate an incompliant configuration, see the "Incompliance remediation" section of this topic.

Rule details

ParameterDescription
Rule nameecs-instance-os-name-check
Rule identifierecs-instance-os-name-check
TagECS, Instance, and Image
Automatic remediationSupported
Trigger typePeriodic execution
Evaluation frequencyInterval of 24 hours
Supported resource typeECS instances
Input parameter
  • osNameBlackList
  • osNameWhiteList: The default value is CentOS 7.9 64bit.
Note Specify only one of these parameters. Separate multiple OS names with commas (,).

Incompliance remediation

Configure operating systems that are included in the whitelist or not included in the blacklist for ECS instances. For more information, see Select an image.